11:01:17 #startmeeting scientific-sig
11:01:18 Meeting started Wed Feb 24 11:01:17 2021 UTC and is due to finish in 60 minutes. The chair is oneswig. Information about MeetBot at http://wiki.debian.org/MeetBot.
11:01:19 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
11:01:21 The meeting name has been set to 'scientific_sig'
11:02:07 #link agenda for today https://wiki.openstack.org/wiki/Scientific_SIG#IRC_Meeting_February_24th_2021
11:02:19 eliaswimmer: hi!
11:02:32 hi Stig!
11:03:15 Thanks for coming along
11:04:45 (Just concluding another meeting)
11:07:22 How's things?
11:08:40 #topic use of glance image metadata for inter-cloud portability
11:09:15 In the topic of inter-cloud portability, image naming is probably square one
11:11:10 #link Listed properties in Glance docs https://docs.openstack.org/glance/latest/admin/useful-image-properties.html
11:11:33 Setting lots of these is helpful to people trying to port their deployment to your cloud
11:13:58 is there some naming convention for images yet?
11:14:06 In practice we could probably set more, for example here's table stakes
11:14:13 os_type: "linux"
11:14:13 os_distro: "centos"
11:14:13 os_version: "7.5"
11:14:15 hw_rng_model: "virtio"
11:14:37 Ah, naming, I think there are only informal conventions there.
11:15:15 This is where the discovery process comes in - how do I ask Glance, "What is the latest best CentOS 8 image" for example
11:15:33 a metadata-driven lookup
11:16:03 Alas we didn't get details ahead on Chris Layton's thoughts on this.
11:16:43 ok, now I get it! For me a patch level tag would be an important label.
11:17:21 cause centos 8 can be a lot of different versions
11:17:31 so true
11:19:31 eliaswimmer: are you providing infrastructure-as-a-service on your system?
11:19:35 (or planning to?)
11:20:04 that's the plan! Currently only in an early stage
11:20:57 There is still a lot to do, like CD of images to OpenStack, image scanning etc
11:22:31 Another question is how to lock images with vulnerabilities
11:22:45 To prevent further deployments with it?
11:22:54 Sounds like a good idea
11:22:54 exactly
11:23:26 one can't remove them as long as they're used, at least not when using ceph
11:23:39 Just delete the image perhaps? Deployed instances would only lose the name of the image they used
11:24:16 eliaswimmer: are you sure? could that be a copy-on-write detail
11:24:54 oneswig: Not 100%, maybe it was a permission issue
11:26:07 But when deleting, users miss the metadata from the images
11:32:43 That's true, but perhaps they don't need it after the VM is deployed.
11:34:39 About image scanning. Even if it is a bit off topic now, but we should also do so with Kolla images.
11:37:06 The container images?
11:37:25 We've done some interesting exploration with using Clair
11:38:13 ah, yes. that is what I was thinking
11:38:34 It was enough to convince us that it is a very useful function - we'll definitely use it
11:40:15 I do so with my images for jupyterhub, it's quite easy and the recent sudo bug shows how important that is
11:40:56 same can be done for all types of images, even live systems
11:48:36 On the image tags, there was an effort to set some standards as part of the IRIS federation in the UK, but I don't know if anything has been adopted by that group
11:52:55 Anyway, I don't think we'll progress much further today, between us :-)
11:58:41 I've also looked at Anchore for image scanning.
11:59:43 Hi verdurin, just in time...
11:59:57 Can you compare and contrast?
12:03:26 Ah, we should wrap up. Thanks eliaswimmer verdurin
12:03:30 #endmeeting